view counter

CybersecurityWhat CSPs can learn from the latest DDoS attacks

Published 31 October 2016

Around the world, communications service providers (CSPs) and subscribers were affected by the 21 October 2016 DDoS attack, making it virtually impossible to reach many popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers. The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. An expert offers a few key steps CSPs can take to prepare for similar attacks in the future.

On Friday, 21 October 2016, there was a major distributed denial of service (DDoS) attack that took down major U.S. company Web sites, including Twitter, Paypal, the New York Times, Box, Netflix, and more. The attack targeted managed DNS provider Dyn Inc., which hosts the authoritative DNS for these popular domains. The attack originated from a large number of compromised IoT devices, including Internet-connected cameras, routers and digital video recorders.

Around the world, communications service providers (CSPs) and subscribers were affected by the attack, making it virtually impossible to reach these popular Web sites for several hours. Although CSPs weren’t targeted directly, they were still affected since the outages drove additional caching DNS traffic caused by the errors from failed DNS requests. This spike in traffic slowed overall network performance, likely driving up customer support call volumes from unhappy subscribers.

The attacks highlighted the easily overlooked — yet vital — role that DNS plays on the Internet. A lone attacker was able to prevent hundreds of millions of Internet users from accessing their favorite sites by targeting a single managed DNS provider. Given the growth in IoT devices, the scale and frequency of these types of attacks is likely to increase. Without question, CSPs must be prepared for the unfortunate day when their DNS—or one of their subscribers—is the intended target of an attack, so as to preserve both network and brand integrity.

Craig Sprosts, Vice President, Product Management & Strategy at Nominum, writes that afew key steps CSPs can take to prepare for similar attacks in the future are outlined below.

1. Monitor DNS carefully
The Web site failures during the recent DDoS attack caused a surge in “SERVFAIL” errors as subscriber queries to these popular domains generated error responses. The chart below shows a surge in SERVFAIL errors from the attack, taken from a sample of Nominum CSP customers around the world. The yellow line represents the ration of “SERVFAIL” errors to total responses, which peaked at a remarkable 30 percent + of traffic on the day of the attack.